package cn.ww.conf;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

//@EnableWebSecurity // 启动SpringSecurity过滤器链
public class SecurityConf extends WebSecurityConfigurerAdapter {

   /*@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
        .withUser("aaa").password(new BCryptPasswordEncoder().encode("123"))
        .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers("/**")
        .fullyAuthenticated() //前面Match的资源需要认证
        .and()
        .httpBasic();
        
        
        
         //.anonymous() 匿名用户可以访问,登录后的用户不能访问
         //.permitAll() 匿名用户和登录后的用户都可以访问
         //.and().formLogin().loginPage(loginPage) 自定义表单登录页
         
    }*/

    /**   自定义登录页    */
    /*@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
        .withUser("aaa").password(new BCryptPasswordEncoder().encode("123")).roles("USER");
    }*/

   /* @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .anyRequest().authenticated()
        .and().formLogin().loginPage("/userLogin").loginProcessingUrl("/login").permitAll()
        .and().csrf().disable();
    
        
        /** 
         1 authenticated 与 fullyAuthenticated的区别
         authenticated Returns true if the user is not anonymous
         fullyAuthenticated Returns true if the user is not an anonymous or a remember-me user
         2 .anyRequest() 与 .antMatchers("/**") 的作用一样
         */
    /*}*/
    
    
    
    /**   资源权限控制     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
        .withUser("aaa").password(new BCryptPasswordEncoder().encode("123")).roles("USER","UPDATE","VIEW")
        .and().withUser("bbb").password(new BCryptPasswordEncoder().encode("123")).roles("VIEW");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers("/product/add").hasRole("UPDATE")
        .antMatchers("/product/update").hasRole("UPDATE")
        .antMatchers("/product/delete").hasRole("UPDATE")
        .antMatchers("/product/list").hasRole("VIEW")
        .anyRequest().authenticated()
        .and().formLogin().loginPage("/userLogin").loginProcessingUrl("/login").permitAll()
        .and().csrf().disable();
    
        

    }
    
}
